Re: [Freeipa-devel] [PATCH 0082] Use case-insensitive dict for trusted domain info

2013-08-06 Thread Martin Kosek
On 07/26/2013 11:15 AM, Tomas Babej wrote:
 On Friday 26 of July 2013 11:07:05 Tomas Babej wrote:
 Hi,

 In DomainValidator, we store a dictionary containing information
 for trusted domains. This is a case-sensitive dictionary keyed by
 the domain name.

 We need to use case-insensitive dictionary since domain names
 are generally case-insensitive.

 https://fedorahosted.org/freeipa/ticket/3816

 Tomas

 ___
 Freeipa-devel mailing list
 Freeipa-devel@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-devel
 
 Yes, I know.
 
 Tomas

Worked fine (tested with AD2012).

ACK, pushed to master.

Martin



Re: [Freeipa-devel] [PATCH 0082] Use case-insensitive dict for trusted domain info

2013-07-26 Thread Tomas Babej
On Friday 26 of July 2013 11:07:05 Tomas Babej wrote:
 Hi,
 
 In DomainValidator, we store a dictionary containing information
 for trusted domains. This is a case-sensitive dictionary keyed by
 the domain name.
 
 We need to use case-insensitive dictionary since domain names
 are generally case-insensitive.
 
 https://fedorahosted.org/freeipa/ticket/3816
 
 Tomas
 

Yes, I know.

Tomas

From 11a562849bf3d1f744cd5c37bb285a0f6ed15e79 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Thu, 25 Jul 2013 13:54:39 +0200
Subject: [PATCH] Use case-insensitive dict for trusted domain info

In DomainValidator, we store a dictionary containing information
for trusted domains. This is a case-sensitive dictionary keyed by
the domain name.

We need to use case-insensitive dictionary since domain names
are generally case-insensitive.

https://fedorahosted.org/freeipa/ticket/3816
---
 ipaserver/dcerpc.py | 36 
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 4660842fc478508a9d693b4b2a539e8c77296f84..3ef81a6dbbf23b70fe53784999adb974def5c527 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -150,18 +150,29 @@ class DomainValidator(object):
 return True
 
 def get_trusted_domains(self):
-Returns dict of trusted domain tuples (flatname, sid, trust_auth_outgoing), keyed by domain name
-cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts, self.api.env.basedn)
+
+Returns case-insensitive dict of trusted domain tuples
+(flatname, sid, trust_auth_outgoing), keyed by domain name.
+
+cn_trust = DN(('cn', 'ad'), self.api.env.container_trusts,
+  self.api.env.basedn)
+
 try:
 search_kw = {'objectClass': 'ipaNTTrustedDomain'}
 filter = self.ldap.make_filter(search_kw, rules=self.ldap.MATCH_ALL)
-(entries, truncated) = self.ldap.find_entries(filter=filter, base_dn=cn_trust,
-  attrs_list=[self.ATTR_TRUSTED_SID,
-  self.ATTR_FLATNAME,
-  self.ATTR_TRUST_PARTNER,
-  self.ATTR_TRUST_AUTHOUT])
+(entries, truncated) = self.ldap.find_entries(
+filter=filter,
+base_dn=cn_trust,
+attrs_list=[self.ATTR_TRUSTED_SID,
+self.ATTR_FLATNAME,
+self.ATTR_TRUST_PARTNER,
+self.ATTR_TRUST_AUTHOUT]
+)
+
+# We need to use case-insensitive dictionary since we use
+# domain names as keys and those are generally case-insensitive
+result = ipautil.CIDict()
 
-result = dict()
 for dn, entry in entries:
 try:
 trust_partner = entry[self.ATTR_TRUST_PARTNER][0]
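Review bot: `result = ipautil.CIDict()` is the only functional change in this hunk, and neither hunk of the patch adds an import, so `ipautil` must already be imported at the top of ipaserver/dcerpc.py; please confirm, since otherwise get_trusted_domains() would raise NameError when called. The one-line change is also buried among the rewrapping of the docstring and the `find_entries(...)` call, so moving the reformatting into its own commit would make the behavioural change easier to audit. A test that looks up a trusted domain under a differently cased name would pin the fix down; the diffstat shows only dcerpc.py changed.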
@@ -170,13 +181,14 @@ class DomainValidator(object):
 except KeyError, e:
 # Some piece of trusted domain info in LDAP is missing
 # Skip the domain, but leave log entry for investigation
-api.log.warn(Trusted domain '%s' entry misses an attribute: %s,
-dn, e)
+api.log.warn(Trusted domain '%s' entry misses an 
+ attribute: %s, dn, e)
 continue
+
 trust_authout = entry.get(self.ATTR_TRUST_AUTHOUT, [None])[0]
 
-# We were able to read all Trusted domain attributes but the secret
-# User is not member of trust admins group
+# We were able to read all Trusted domain attributes but the
+# secret User is not member of trust admins group
 if trust_authout is None:
 raise errors.ACIError(
 info=_('communication with trusted domains is allowed '
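Review bot: The rewrapped comment above `if trust_authout is None:` now reads "the secret User is not member of trust admins group", which fuses what the old two-line comment kept apart ("... but the secret" / "User is not member of trust admins group"); put a full stop after "secret" or keep the old line break so the reason for the ACIError stays clear. The `api.log.warn(...)` message is likewise split mid-sentence across two lines; keeping the format string on one line keeps it greppable and avoids losing the space between "an" and "attribute". This call also uses the bare `api` while the first hunk uses `self.api`; that predates the patch, but since the line is being touched it could be aligned.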
-- 
1.8.3.1
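
The lookup problem this patch addresses, as an added example that is not FreeIPA code: `FoldedKeyDict` is a hypothetical stand-in for `ipautil.CIDict`, and the domain names and SIDs are constructed. It goes one step beyond the thread by also reporting entries whose names differ only by case.

```python
# Added illustration; FoldedKeyDict is a hypothetical stand-in, not ipautil.CIDict.
from collections.abc import MutableMapping


class FoldedKeyDict(MutableMapping):
    """Dict whose string keys compare case-insensitively; original spelling is kept."""

    def __init__(self):
        self._data = {}  # lower-cased key -> (original key, value)

    def __setitem__(self, key, value):
        self._data[key.lower()] = (key, value)

    def __getitem__(self, key):
        return self._data[key.lower()][1]

    def __delitem__(self, key):
        del self._data[key.lower()]

    def __iter__(self):
        return (original for original, _ in self._data.values())

    def __len__(self):
        return len(self._data)


# Constructed sample entries: (trust partner name, flatname, SID).
SAMPLE_ENTRIES = [
    ("AD.Example.Test", "AD", "S-1-5-21-1111-2222-3333"),
    ("corp.example.test", "CORP", "S-1-5-21-4444-5555-6666"),
]


def build_trusted_domains(entries, mapping_type):
    """Key (flatname, sid) by domain name; list names already present in the mapping."""
    result, collisions = mapping_type(), []
    for name, flatname, sid in entries:
        if name in result:  # with FoldedKeyDict this also catches case-only variants
            collisions.append(name)
            continue
        result[name] = (flatname, sid)
    return result, collisions


def is_trusted(domains, name):
    """Membership test as a caller would do it with a user-supplied domain name."""
    return name in domains
```

With a plain `dict`, a lookup for `ad.example.test` misses the entry stored as `AD.Example.Test`; with the folded mapping it succeeds, and a second entry differing only in case is reported instead of silently replacing the first.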
